<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Hello, I’m using WebKitGtk 2.4.4. It branched from trunk at r163300 on Feb. 03, 2014. That may not have been a great moment for JavaScriptCore. The jsCStack branch had recently been merged, and 2.4.4 has numerous JSC crashes, especially in DFG. Disabling DFG is a reasonable short-term solution for my use case, but it leaves one crash I’m having trouble debugging. The release build crashes here:<div><br></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/0" title="Ticket #0" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#0</a> 0x00007f1ffd385710 in JSC::JSCell::toBoolean(JSC::ExecState*) const () from libjavascriptcoregtk-1.0.so.0</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/1" title="Ticket #1" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#1</a> 0x00007f1ffd3ac7f0 in ?? () from libjavascriptcoregtk-1.0.so.0</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/2" title="Ticket #2" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#2</a> 0x00007f1ffd3b6de3 in ?? () from libjavascriptcoregtk-1.0.so.0</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/3" title="Ticket #3" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#3</a> 0x00007f1ff7a5d018 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/4" title="Ticket #4" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#4</a> 0x00007f1ff7a5d000 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/5" title="Ticket #5" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#5</a> 0x00007f1fb40af970 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/6" title="Ticket #6" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#6</a> 0x00007f1f7dec6a28 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/7" title="Ticket #7" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#7</a> 0x00007f1fac4b0ff8 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/8" title="Ticket #8" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#8</a> 0x00007fffe0e09000 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/9" title="Ticket #9" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#9</a> 0x00007fffe0e08da0 in ?? ()</font></div><div style="margin: 0px; padding-top: 0px; padding-right: 5px; padding-bottom: 5px; color: rgb(85, 85, 85); line-height: 18px; padding-left: 0px !important;"><font face="Courier New"><a href="https://surfcrew.lighthouseapp.com/projects/120856/tickets/10" title="Ticket #10" style="margin: 0px; padding: 0px; outline: none; color: rgb(51, 136, 187); text-decoration: none;">#10</a> 0x00007f1ffd36bada in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*, JSC::Register*) () from libjavascriptcoregtk-1.0.so.0</font></div><div><font face="Courier New"><span style="color: rgb(85, 85, 85); line-height: 18px;">Backtrace stopped: previous frame inner to this frame (corrupt stack?)</span> </font><div><br></div><div>The debug build asserts:</div><div><br></div><div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#0 0x00007f434f2e692f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:333</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#1 0x00007f434eefe7ba in JSC::validateCell<JSC::Structure*> (cell=0x3569a30) at ../../Source/JavaScriptCore/runtime/WriteBarrier.h:53</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#2 0x00007f434eefe39d in JSC::WriteBarrierBase<JSC::Structure>::operator-> (this=0x7f42fd3bba90) at ../../Source/JavaScriptCore/runtime/WriteBarrier.h:123</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#3 0x00007f434ef1d4fc in JSC::JSCell::isString (this=0x7f42fd3bba90) at ../../Source/JavaScriptCore/runtime/JSCellInlines.h:124</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#4 0x00007f434ef290e3 in JSC::JSCell::toBoolean (this=0x7f42fd3bba90, exec=0x7f42fd3bb878) at ../../Source/JavaScriptCore/runtime/JSCellInlines.h:188</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#5 0x00007f434ef290b5 in JSC::JSValue::toBoolean (this=0x7fff20ff7410, exec=0x7f42fd3bb878) at ../../Source/JavaScriptCore/runtime/JSString.h:521</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#6 0x00007f434f085a84 in JSC::operationConvertJSValueToBoolean (exec=0x7f42fd3bb878, encodedOp=0x7f42fd3bba90) at ../../Source/JavaScriptCore/jit/JITOperations.cpp:861</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#7 0x00007f43069fc99c in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#8 0x00007f43069218e0 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#9 0x000000000274c130 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#10 0x000000000301f740 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#11 0x00000000031e5eb0 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#12 0x0000000003295eb8 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#13 0x00007f434a8eae08 in WebCore::JSDOMWindowBase::supportsProfiling (object=0x7f43069218e0) at ../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:121</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#14 0x00007fff20ff74c0 in ?? ()</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">#15 0x00007f434f06f74c in JSC::JITCode::execute (this=0xf0458b4832eb0000, vm=0xb8077500f07d, protoCallFrame=0x8348f04589480000, topOfStack=0xdb6e8c7894860c0) at ../../Source/JavaScriptCore/jit/JITCode.cpp:48</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New">Backtrace stopped: previous frame inner to this frame (corrupt stack?)</font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><font face="Courier New"><br></font></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;">My question isn’t how to debug this, though any insights would be welcome. Instead I’m hoping to to roll JSC forward or backward to a more stable revision somewhere near 02/2014 (in order to reduce problems merging into WebKitGtk). It seems best to tie it to a contemporaneous Safari release, perhaps from the safari-600.1 branch. I’m wondering if that branch is considered always stable, and therefore safe to pull from at an arbitrary revision. Alternatively, is there a way to discover the revision for a given Safari release?</div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><br></div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;">Thanks for any help,</div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;">Gary</div><div style="font-family: Helvetica; font-size: 12px; margin: 0in;"><br></div></div></div></body></html>